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AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims : 
Claims 1-12 (cancelled). 

Claim 13 (currently amended): A method of visualizing information about the security of a 
network, the method comprising: 

providing a 3-D visualization tool for simulating 3-D space on a two dimensional 
display device, said tool for accessing a database which relationally associates security events 
with network elements, 

wherein said database includes: 
temporal information reflecting a time at which each said security event occurred; 
information relating to a first property of each network element: and 
information relating to a second property of each network element; 

wherein each said security event is associated with at least one of a plurality 
of categories of security events; 

wherein said network elements are represented by geometric objects; 
visually depicting at least some of said categories of security events in a first section 
of said simulated 3-D space; 

Th e m e thod according to claim 13, whereim-said first section of simulated 
3-D space displays a first graph having a security event category axis and a temporal 
axis, each said displayed security event being visually indicated at a position on said 
graph corresponding to the category and time of the security event; 
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visually depicting at least some of said network elements in a second section of said 
simulated 3-D space; 

wherein said second section of simulated 3-D space displays a second graph 
having an axis pertaining to said first property and an axis pertaining to said second 
property, said graphical objects representing said network elements being displayed 
on the graph at axes positions corresponding to the first and second properties 
thereof; and 

displaying association lines in said 3-D simulated space between one or more 
displayed categories of security events and one or more displayed network elements ; 

wherein said association lines being drawn between said first graph and said 
second graph. 

Claim 14 (original): The method according to claim 13, wherein said association lines are 
drawn between positions of said first graph and said graphical objects representing said 
network elements. 

Claim 15 (original): The method according to claim 14, wherein: 

the first property is organizational role information for correlating each network 
element with a role in, or department of, the organization; and 

the second property is location information for indicating the physical location of 
each network element. 

Claim 16 (original): The method according to claim 13, including drawing a trusted 
relationship line between a graphical object representing a first network element and a 
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graphical object representing a second network element if the first network element can 
access data associated with the second network element. 

Claim 17 (original): The method according to claim 13, including differentiating amongst 
various types of network elements by varying the visual attributes or screen positions of said 
graphical objects representing said network elements. 

Claim 18 (original): The method according to claim 13, including displaying the frequency of 
security events at various positions in said first graph. 

Claim 19 (original): The method according to claim 13, including: 

storing in said database information about identities of attackers causing said 
security events; 

visually depicting said attackers as geometrical objects in a third section of said 
simulated 3-D space; and 

drawing association lines between said attackers and said security events. 

Claim 20 (original): The method according to claim 13, wherein said categories of security 
events are selected from the following group of event types: packet insertion, packet 
interception, application access, system file access, network access, denial of service, access 
permission, sniffing, security setup, impersonation, encryption, firewall. 

Claim 21 (cancelled). 
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Claim 22 (currently amended): A method of visualizing information about the security of a 
network, the method comprising: 

recording security events and the network elements affected thereby; 

associating each security event with at least one of a plurality of categories of 
security events; 

providing a 3-D visualization tool for simulating 3-D space on a two dimensional 
display device, and using said tool: 

visually depicting at least some of the categories of security events in a first section 
of simulated 3-D space; 

visually depicting at least some of the network elements in a second section of 
simulated 3-D space; 

drawing association lines between one or more displayed categories of security 
events and one or more displayed network elements affected thereby. 
Tho m e thod according to claim 21, comprising: 
recording a time at which each security event occurred; 
associating each network element with at least two properties; 
displaying in the first section of simulated 3-D space a first grid of cells, each cell 
being associated with a security event category and a temporal value, the security events 
being visually indicated by the cells of the first grid; and 

displaying in the second section of simulated 3-D space a second grid of cells, each 
cell being associated with an instance of the first property and an instance of the second 
property, wherein each displayed network element is represented by a geometric object 
disposed at a cell of the second grid that corresponds to the first and second properties of the 
network system; 
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said association lines being drawn between cells of the first grid and cells of the 
second grid. 

Claim 23 (original): The method according to claim 22, wherein the first property is an 
organizational role of the network element, and the second property is a physical location of 
the network element. 

Claim 24 (original): The method according to claim 22, including drawing a trusted 
relationship line between a graphical object representing a first network element and a 
graphical object representing a second network element if the first element can access data 
associated with the second element. 

Claim 25 (original): The method according to claim 22, including differentiating amongst 
various types of network elements by varying the visual attributes or screen positions of the 
respective geometric objects. 

Claim 26 (original): The method according to claim 22, including displaying the frequency of 
security event at the cells of the first grid. 

Claim 27 (original): The method according to claim 22, including: 

recording identities of attackers causing the security events; 

visually depicting the attackers as geometrical objects in a third section of the 
simulated 3-D space; and 

drawing association lines between the attackers and the security events. 


6 


Attorney Docket No.: 4365/4 


Claim 28 (original): A method of visualizing information about the security of a network, the 
method comprising: 

recording security events and the network elements affected thereby; 

recording a time at which each security event occurred; 

associating each security event with at least one of a plurality of categories of 
security events; 

associating each network element with one or more additional properties; 

providing a 3-D visualization tool for simulating 3-D space on a two dimensional 
display device, and using said tool: 

displaying a first grid of cells in the simulated 3-D space, each cell being associated 
with a security event category and a temporal value, the security events being visually 
indicated by the cells of the first grid; 

displaying a second grid of cells in the simulated 3-D space, each cell being 
associated with at least one of said properties, wherein each displayed network element is 
represented by a geometric object disposed at a cell of the second grid that corresponds to the 
value of said at least one property; and 

drawing association lines between one or more displayed security events and one or 
more displayed network elements affected thereby. 

Claim 29 (original): The method according to claim 28, including: 
recording identities of attackers causing the security events; 
visually depicting the attackers as geometrical objects in the simulated 3-D space; 

and 

drawing association lines between the attackers and the security events. 
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Claim 30 (cancelled). 

Claim 31 (original): Software for visualizing information stored in a database about the 
security of a network, wherein said database records: 

security events and the network elements associated therewith, each security event 
being associated with at least one of a plurality of categories of security events, each network 
element being associated with at least one property; and 

a time at which each security event occurred; 

the software having code for: 

simulating 3-D space on a two dimensional display device; 

displaying a first grid of cells in the simulated 3-D space, each cell being associated 
with a security event category and a temporal value, the security events being visually 
indicated by the cells of the first grid; 

displaying a second grid of cells in the simulated 3-D space, each cell being 
associated with an instance of a said at least one property, wherein a geometric object 
representing a displayed network element is disposed at a corresponding cell of the second 
grid; and 

drawing association lines between one or more displayed security events and one or 
more displayed network elements associated therewith. 
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